Eyoung Chat – Ey聊天极简版 Security & Risk Analysis

wordpress.org/plugins/eychat

Eyoung Chat System (Ey聊天极简版) provides WordPress sites with a web-based online instant messaging tool, offering web group chat functionality.

10 active installs · v1.0 · PHP + · WP 4.8+ · Updated May 24, 2022
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Eyoung Chat – Ey聊天极简版 Safe to Use in 2026?

Generally Safe

Score 85/100

Eyoung Chat – Ey聊天极简版 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The eychat v1.0 plugin presents a significant security risk due to a large number of unprotected AJAX handlers, which constitute its entire attack surface. While the code analysis indicates good practices in other areas, such as output escaping and a lack of dangerous functions or file operations, the absence of any authentication or capability checks on all 30 AJAX entry points is a critical oversight. This makes them highly susceptible to unauthorized access and manipulation, potentially leading to data breaches or denial-of-service attacks.

The plugin's vulnerability history is clean, with no recorded CVEs. This might suggest either a lack of prior scrutiny or that the plugin has historically been less of a target. However, the current static analysis findings strongly suggest that this favorable history is not indicative of its present security posture. The lack of any taint analysis results could be due to the static analysis tool's limitations, or the identified flows may not have triggered its detection thresholds.

Despite the absence of critical vulnerabilities in the code analysis signals and a clean history, the unprotected AJAX endpoints are the most pressing concern, demanding immediate attention.

Key Concerns

  • All 30 AJAX handlers lack authentication
  • All 30 AJAX handlers lack capability checks
  • Significant attack surface exposed without authorization
  • 43% of SQL queries not using prepared statements
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

Eyoung Chat – Ey聊天极简版 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Eyoung Chat – Ey聊天极简版 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 13 (10 prepared)
Unescaped Output: 1 (51 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

43% prepared · 23 total queries

Output Escaping

98% escaped · 52 total outputs
Attack Surface
30 unprotected

Eyoung Chat – Ey聊天极简版 Attack Surface

Entry Points: 30
Unprotected: 30

AJAX Handlers 30

Type    Hook                           Location
auth    wp_ajax_eychat_setting         classes\admin.class.php:304
auth    wp_ajax_eychat_getMember       classes\admin.class.php:305
auth    wp_ajax_eychat_setMember       classes\admin.class.php:306
auth    wp_ajax_eychat_delMember       classes\admin.class.php:307
auth    wp_ajax_eychat_setManager      classes\admin.class.php:308
auth    wp_ajax_eychat_setStopSpeak    classes\admin.class.php:309
auth    wp_ajax_eychat_setStopEnter    classes\admin.class.php:310
auth    wp_ajax_eychat_getChat         classes\admin.class.php:311
auth    wp_ajax_eychat_delChat         classes\admin.class.php:312
auth    wp_ajax_eychat_delChatAll      classes\admin.class.php:313
auth    wp_ajax_eychat_imageupload     classes\admin.class.php:318
auth    wp_ajax_eychat_setContent      classes\front.class.php:483
auth    wp_ajax_eychat_getHistory      classes\front.class.php:484
auth    wp_ajax_eychat_checkJoin2      classes\front.class.php:485
auth    wp_ajax_eychat_checkJoin3      classes\front.class.php:486
auth    wp_ajax_eychat_getApply        classes\front.class.php:487
auth    wp_ajax_eychat_setApplyPass    classes\front.class.php:488
auth    wp_ajax_eychat_setApplyReject  classes\front.class.php:489
auth    wp_ajax_eychat_setNotice       classes\front.class.php:490
auth    wp_ajax_eychat_getStatus       classes\front.class.php:491
auth    wp_ajax_eychat_setUserSpeak    classes\front.class.php:492
auth    wp_ajax_eychat_setUserEnter    classes\front.class.php:493
auth    wp_ajax_eychat_uploadImage     classes\front.class.php:494
auth    wp_ajax_eychat_uploadFile      classes\front.class.php:495
nopriv  wp_ajax_eychat_setContent      classes\front.class.php:497
nopriv  wp_ajax_eychat_getHistory      classes\front.class.php:498
nopriv  wp_ajax_eychat_checkJoin2      classes\front.class.php:499
nopriv  wp_ajax_eychat_checkJoin3      classes\front.class.php:500
nopriv  wp_ajax_eychat_uploadImage     classes\front.class.php:501
nopriv  wp_ajax_eychat_uploadFile      classes\front.class.php:502
WordPress Hooks 7
Type    Hook                   Location
action  admin_menu             classes\admin.class.php:303
filter  plugin_action_links    classes\admin.class.php:314
action  admin_enqueue_scripts  classes\admin.class.php:315
action  plugins_loaded         classes\front.class.php:476
action  init                   classes\front.class.php:477
filter  template_include       classes\front.class.php:504
action  wp_enqueue_scripts     classes\front.class.php:505
Maintenance & Trust

Eyoung Chat – Ey聊天极简版 Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: May 24, 2022
PHP min version
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Eyoung Chat – Ey聊天极简版 Developer Profile

yuyaoit

2 plugins · 20 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Eyoung Chat – Ey聊天极简版

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eychat/js/eychat.min.js
/wp-content/plugins/eychat/css/eychat.min.css
Script Paths
/wp-content/plugins/eychat/js/eychat.min.js
Version Parameters
eychat.min.js?ver=
eychat.min.css?ver=

HTML / DOM Fingerprints

JS Globals
EYOUNGCHAT_Front
EYOUNGCHAT_Admin